AWS bedrock-agentcore documentation change
Summary
Added option to update API keys via AWS Secrets Manager in addition to direct input. Introduced selection method with two options: direct entry or Secrets Manager reference.
Security assessment
Adds documentation about secure secret management option (Secrets Manager) but doesn't address a specific security vulnerability. Enhances security posture documentation.
Diff
diff --git a/bedrock-agentcore/latest/devguide/identity-update-api-key.md b/bedrock-agentcore/latest/devguide/identity-update-api-key.md index bef3eeeb4..b2b028148 100644 --- a//bedrock-agentcore/latest/devguide/identity-update-api-key.md +++ b//bedrock-agentcore/latest/devguide/identity-update-api-key.md @@ -19 +19,11 @@ You can update an existing API key to replace the key value when your external s - 4. In the **Update API key** dialog, in **API key** , enter the updated key value provided by your external service. AgentCore Identity securely stores this new value and makes it available to your agent at runtime. + 4. In the **Update API key** dialog, for **API key selection method** , choose one of the following options: + + 1. **Provide API key** – Enter the API key value directly. + + 1. For **API key** , enter the updated key value provided by your external service. AgentCore Identity securely stores this new value and makes it available to your agent at runtime. + + 2. **Provide API key via Secrets Manager** – Reference a secret stored in AWS Secrets Manager instead of entering the value directly. + + 1. For **Secrets Manager** , enter or select the ARN of the Secrets Manager secret that contains your API key. + + 2. For **JSON key** , enter the JSON key in your Secrets Manager secret that contains the API key value.